Forum Discussion

Ryan Means
Copper Contributor
May 17, 2021

Baselines in SCAP/Nessus audit format

Are the latest Windows 10 baselines available in a format that can be ingested by Nessus for compliance checking? SCAP? I know these used to be available from Nessus directly but have since been removed.

7 Replies

  • FLeven
    Copper Contributor
    Yes, as the still-open issues show, it is not without flaws, and why should the customer take the responsibility for converting security baselines? That should be the job of the software vendor. Shouldn't everything from the baseline already be in the OS itself, secure by default... As I proposed on the mentioned repo: convert it, test it, commit it. Please offer long-overdue alternatives to Group Policy and give customers a reason to switch to modern configuration management.
  • Ryan Means - not at this time. We are evaluating the possibility of something in the future but are still in the information-gathering stage.

    • FLeven
      Copper Contributor
      What about publishing the baselines in DSC format? That would speed up proofreading and versioning.
      • AaronMargosis_Tanium
        Iron Contributor

        FLeven - IIRC the last time I looked into it (a couple of years ago), DSC could not reliably handle Advanced Auditing settings nor most Security Options (esp. the items persisted in inaccessible areas of the registry and/or in undocumented formats).

        Implementations I've seen in the past had bugs and/or took dependencies on US-English. 

        That said, that might have been addressed in the interim.
